Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf library used in Gtk. It is possible for an attacker to execute arbitrary code on the victims machine. Gdk-pixbuf for Gtk+1.2 is an external package. For Gtk+2.0 it's part of the main gtk package.

The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

CAN-2004-0782

Heap-based overflow in pixbuf_create_from_xpm.

CAN-2004-0783

Stack-based overflow in xpm_extract_color.

CAN-2004-0788

Integer overflow in the ico loader.

For the stable distribution (woody) these problems have been fixed in version 2.0.2-5woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your Gtk packages.

Upgrade Instructions---------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: